Statistics from Make UK’s Cyber Security in Manufacturing study reveals nearly 50% of UK manufacturers had experienced cybercrime in the last 12 months and of those attacks, the most common result (65%) was production stoppages. It’s very clear that building cyber defences throughout the manufacturing supply chain is crucial, especially as businesses are rapidly adopting more technological-based approaches.

Dewi Gaylard, technology manager at Orangebox, a manufacturer and Cyber Resilience Centre for Wales (WCRC) advisory group member, explains how it’s commonplace for cyber-attacks on a company to originate from within the supply chain before it hits.

It's Monday morning, and your business is gearing up for a productive week. Manufacturing plans are in place, and the usual request for materials is out to your suppliers. Then, the bad news hits—your key supplier, responsible for a critical component of your product, suffered a cyber incident over the weekend and can no longer deliver the parts you need. This unexpected hiccup halts your production line. You may have some time before your own stock levels runs out, but what happens then?

This scenario is becoming alarmingly common. Your manufacturing processes grind to a halt, your reputation takes a hit, and your bottom line suffers—all because of an incident that, on the surface, seems unrelated to your business. Or is it?

The reality is cyber threats to your supply chain are threats to your business. Supply chains are the lifeblood of manufacturing, and threat actors know this. They are increasingly targeting the supply chains of the companies they want to disrupt. This can lead to supplier losses, manufacturing delays, increased costs to source alternatives, and even compliance failures when new suppliers don't meet your quality standards. Today, supply chain resilience is more critical than ever.

What can business leaders do? A lot, actually.

1. Planning: The Foundation of Incident Response

The first step in protecting your supply chain from cyber threats is to understand the level of threat and develop a comprehensive incident response plan. Begin with a thorough risk assessment. Understand the vulnerabilities within your supply chain, and identify which suppliers pose the most risk to your operations. Know the critical information they hold and the value of the projects they support.

Don’t hesitate to ask your suppliers about their own cyber resilience. Gauge their maturity and understanding of cyber security issues. Communicate your security requirements clearly, and if necessary, include them in your contracting processes. An open line of communication builds trust and strengthens relationships. If you can offer support or guidance, do so—your suppliers will appreciate it.

Once you have assessed the risks, develop a clear and actionable response strategy. Your strategy should be flexible enough to adapt to various scenarios but robust enough to provide clear guidance during a crisis. Remember, an incident response plan isn’t a one-off exercise; it requires regular reviews and updates. Adjust your strategies as your business and supply chain evolve.

2. Educating the Workforce: A Critical Priority

One of the most impactful actions you can take is to educate both your workforce and your supply chain partners on the risks of cyber threats. Awareness is key. Make sure your team understands what to look out for and how to respond to potential threats, including phishing emails, malware, and social engineering techniques.

Develop a training programme that includes regular rehearsals of your incident response plan. Even the best-laid plans can fail if the people executing them aren’t adequately trained. Encourage cross-functional collaboration to bring diverse perspectives to incident response. Make sure representatives from procurement, production, logistics, IT, and other critical departments are involved in both planning and execution.

Also, build communication channels that allow your business and suppliers to share information quickly and effectively. If you notice suspicious activity, alert your suppliers—they will appreciate the early warning, and this cooperation strengthens the entire supply chain.

3. Building a Just and Open Culture

Create a culture of openness and proactive problem-solving within your business and across your supply chain. Encourage employees at all levels to report potential risks and suggest improvements without fear of repercussions. This "just culture" helps identify issues early before they escalate into full-blown crises.

Consider how your organisation handles fire safety or physical hazards—cyber threats should be treated with the same seriousness and urgency. Promote this mindset across your teams and your suppliers to ensure everyone understands the importance of cyber security.

Conclusion: Resilience Is No Longer Optional

Business leaders in manufacturing can no longer afford to overlook the importance of building resilience to cyber disruptions in their supply chains. As global supply chains become more unpredictable, your ability to respond swiftly and effectively to disruptions will be crucial to maintaining operational stability.

By identifying risks, planning, and educating your workforce and supply chain partners, you can build a more robust and responsive supply chain that doesn’t just survive but thrives in today's challenging cyber climate.

Need more assistance? The WCRC can help with setting up supply chain security guidance and incident response planning. Join the free membership programme to receive additional direction, resources, cyber threat updates and more.

For further reading, visit the UK Government’s National Cyber Security Centre (NCSC) website for more resources and insights.